Packet Capture (PCAP) Trace - cisco.com Capture (PCAP) Trace • FeatureInformation,page1 •...

Click here to load reader

  • date post

    27-Aug-2018
  • Category

    Documents

  • view

    216
  • download

    0

Embed Size (px)

Transcript of Packet Capture (PCAP) Trace - cisco.com Capture (PCAP) Trace • FeatureInformation,page1 •...

  • Packet Capture (PCAP) Trace

    Feature Information, page 1

    Feature Description, page 2

    Configuring PCAP Trace, page 2

    Monitoring and Troubleshooting PCAP Trace, page 8

    Feature InformationSummary Data

    ePDG

    IPSec

    MME

    SaMOG

    Applicable Product(s) or Functional Area

    ASR 5500

    vPC-SI

    vPC-DI

    Applicable Platform(s)

    DisabledFeature Default

    Not ApplicableRelated Changes in This Release

    ASR 5500 System Administration Guide, StarOS Release 21.3 1

  • ASR 5000 System Administration Guide

    ASR 5500 System Administration Guide

    Command Line Interface Reference Guide

    ePDG Administration Guide

    IPSec Reference Guide

    SaMOG Administration Guide

    VPC-SI System Administration Guide

    Related Documentation

    Revision History

    Revision history details are not provided for features introduced before release 21.2.Important

    ReleaseRevision Details

    21.2First introduced.

    Feature DescriptionThis feature enables the output of themonitor subscriber andmonitor protocol commands to be capturedusing the packet capture (PCAP) functionality. The output can be stored in a text file in a hard disk, and latertransferred to an external server through SFTP using a PUSH or PULL method. The text file can then beconverted to a pcap file using external tools such as text2pcap, or imported directly as PCAP using packetanalyzer tools such as wireshark.

    PCAP trace and hexdump file collection can be enabled or disabled under themonitor protocol andmonitorsubscriber commands. For more information, refer Enabling or Disabling Hexdump section of this chapter.

    Configuring PCAP Trace

    Enabling Multiple Instances of CDRMODUse the following configuration to enable multiple instances of CDRMOD (one per packet processing card):config

    cdr-multi-modeend

    Notes:

    ASR 5500 System Administration Guide, StarOS Release 21.32

    Packet Capture (PCAP) TraceFeature Description

  • Although hexdump record generation is supported on both single-mode and multi-mode, it isrecommended to enable the CDR multi-mode.

    Use the default cdr-multi-mode command to configure this command with its default setting.

    Default: Single CDRMOD mode

    Configuring the Hexdump ModuleUse the following configuration to specify the handling characteristics of the hexdump files:config

    context context_namehexdump-module

    hexdump { purge { storage-limit megabytes | time-limit seconds } [ max-files max_records] | push-interval interval | push-trigger space-usage-percent trigger_percent | remove-file-after-transfer| transfer-mode { pull [ module-only ] | push primary { encrypted-url | url } url [ secondary {encrypted-secondary-url | secondary-url } secondary_url ] [ via local-context ] [ max-files files ] [ max-tasksmax_tasks ] [ module-only ] } | use-harddisk }

    endNotes:

    Use the default hexdump [ purge | push-interval | push-trigger [ space-usage-percent ] |remove-file-after-transfer | transfer-mode [ module-only ] | use-harddisk ] + command to configurethe keywords to its the default setting.

    purge: Not enabled

    push-interval: 60 seconds

    push-trigger: 80 percent

    remove-file-after-transfer: Disabled

    transfer mode: PUSH

    use-harddisk: Disabled

    Use the no hexdump [ purge | remove-file-after-transfer | use-harddisk ] + command to disable theconfigured hexdump file storage and processing.

    purge: Disables the deleting of record files on the hard disk based on a storage limit or a timelimit.

    remove-file-after-transfer: Retains a copy of the file even after it has been pushed or pulled toanother server.

    use-harddisk: Disables data storage on the system's hard disk.

    Use the purge { storage-limit megabytes | time-limit seconds } [ max-files max_records ] keywordsto configure parameters for deleting hexdump records from the hard drive. This command is not enabledby default.

    storage-limit megabytes: Specifies that hexdump records are to be deleted from the hard driveupon reaching a storage limit defined in megabytes.

    bytes must be an integer from 10 through 143360.

    ASR 5500 System Administration Guide, StarOS Release 21.3 3

    Packet Capture (PCAP) TraceConfiguring the Hexdump Module

  • time-limit seconds: Specifies that hexdump records are to be deleted from the hard drive uponreaching a time limit defined in seconds.

    seconds must be an integer from 600 through 2592000.

    max-files max_records: Specifies the maximum number of files to purge. If configured to 0, allrecords will be purged until the limit is reached.

    max_records must be an integer that is of value 0, or from 1000 through 10000.

    Use the push-interval intervalkeyword to specify the transfer interval (in seconds) when hexdump fileswill be pushed to an external file server.

    interval must be an integer from 30 through 3600.

    Default: 60

    Use the push-trigger space-usage-percent trigger_percent to specify the disk space utilization percentagethreshold at which an automatic push is triggered and files are transferred to the external server.

    trigger_percent must be an integer from 10 through 80.

    Default: 80

    Use the remove-file-after-transfer keyword to specify that the system must delete hexdump files afterthey have been transferred to the external file server.

    Default: Disabled.

    This keyword must be enabled for hexdump records.Important

    Use the transfer-mode { pull [ module-only ] | push primary { encrypted-url | url } url [ secondary{ encrypted-secondary-url | secondary-url } secondary_url ] [ via local-context ] [ max-files files ][ max-tasks max_tasks ] [ module-only ] } keywords to specify the transfer mode to be used whentransferring hexdump files to an external file server

    pull: Specifies that the destination server (L-ESS) will pull the hexdump files.

    push: Specifies that the systemwill push hexdump files to the destination server. This is the defaultmode.

    primary encrypted-url url: Specifies the primary URL location to which the system pushes thefiles in encrypted format.

    url must be an alphanumeric string of 1 through 8192 characters.

    primary url url: Specifies the primary URL location to which the system pushes the hexdumpfiles.

    url must be an alphanumeric string of 1 through 1024 characters in the format://user:password@host:[port]/direct.

    secondary encrypted-secondary-url secondary_url: Specifies the secondary URL location towhich the system pushes the files in encrypted format.

    secondary_url must be an alphanumeric string of 1 through 8192 characters.

    ASR 5500 System Administration Guide, StarOS Release 21.34

    Packet Capture (PCAP) TraceConfiguring the Hexdump Module

  • secondary secondary-url secondary_url: Specifies the secondary URL location to which thesystem pushes the hexdump files.

    secondary_url must be an alphanumeric string of 1 through 1024 characters in the format://user:password@host:[port]/direct.

    via local-context: Specifies that the local context, and, subsequently, the SPIOmanagement ports,will be used to pull or push hexdump files.

    max-files files: Specifies the maximum number of files that can be transferred per push.files must be an integer from 4 to 4000.

    max-tasks max_tasks: Specifies the maximum number of files per push.max_tasks must be an integer from 4 through 8.

    module-only: Specifies that the transfer of hexdump records is to be applied only to the moduletype for which the configuration was originally created. If this option is not enabled, the transferwill occur for all record types.

    Use the use-harddisk keyword to specify that the hard disk drive on the SMC is to be used to storehexdump records.

    Default: Disabled.

    This keyword must be enabled for hexdump records.Important

    Configuring the Hexdump File ParametersUse the following configuration to specify the format of the hexdump files:config

    context context_namehexdump-module

    file [ compression { gzip | none } | current-prefix prefix | delete-timeout seconds | directorydirectory_name | exclude-checksum-record | field-separator { hyphen | omit | underscore } | headers |name file_name | reset-indicator | rotation { num-records number | tariff-timeminuteminutes hour hours| time seconds | volume bytes } | sequence-number { length length | omit | padded | padded-six-length |unpadded } | storage-limit limit | time-stamp { expanded-format | rotated-format | unix-format } |trailing-text string | trap-on-file-delete | xor-final-record ] +

    endNotes:

    Use the default file [ compression | current-prefix | delete-timeout | directory | field-separator |headers | name | reset-indicator | rotation { num-records | tariff-time | time | volume } |sequence-number | storage-limit | time-stamp | trailing-text | trap-on-file-delete ] + command toconfigure the default setting for the specified keyword(s).

    Use the compression { gzip | none } keyword to specify the compressions of hexdump files.

    gzip: Enables GNU zip compression of the hexdump file at approximately 10:1 ratio.

    none: Disables Gzip compression.

    ASR 5500 System Administration Guide, StarOS Release 21.3 5

    Packet Capture (PCAP) TraceConfiguring the Hexdump File Parameters

  • Use the current-prefix prefix keyword to specify a string to add at the beginning of the hexdump filethat is currently being used to store records.

    prefix must be an alphanumeric string of 1 through 31 characters.

    Default: curr

    Use the delete-timeout seconds keyword to specify a time period, in seconds, after which the hexdumpfiles are deleted. By default, files are never deleted.